You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

As recommended by Quietman7, here is the HijackThis log. The original infection was w32.spybot.worm, but there appear to have been multiple infections. The original trojans may have been cleared. So far, I have run Norton, Spybot and Adaware and Sysclean Safe Mode as well as Ewido. Attempts to run Trend Micro Housecall failed in the delete phase. Panda could not be launced at all. Still many pop-ups and computer extremely slow. It seems like I am unable to run things when connected to the internet.

BC AdBot (Login to Remove)

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

I need to see a different type of log from Hijackthis

Run Hijackthis.

Click on "Open the Misc Tools section".

Next click on "Open uninstall manager".

Press the button 'save list'. It will open a Notepad file.

Place the content of that file here in your in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.

Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!

Don't be concerned if you get errors when uninstalling any of these. Once you've worked through them all, reboot your computer and post a new hijackthis log(original log).

If I have helped you in any way, please consider a donation to help me continue the fight against malware.

Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!

If I have helped you in any way, please consider a donation to help me continue the fight against malware.

Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!

Windows could not find the file - That executable is not in the folder SurfSideKick 3. SskBho.dll and Sskcore.dll are the only 2 files I see there. Prior to all this, I may have deleted it but I cannot recall at this point.

Just curious what that /u does - looks like an old DOS switch, but I don't really need to know.

Anyway, should I just proceed with the Destroyer part or wait until SurfSideKick issue is resolved?

Thanks.

Steve

The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents. - Nathaniel Borenstein (1957 - )

Unable to run C:\Program Files\SurfSideKick 3\Ssk.exe /u since Ssk.exe seems to be gone. I tried manually deleting the Folder SurfSidekick 3, but received a message that SskBho.dll was in use by another program.

Then please reboot your computer in Safe Mode by doing the following:1) Restart your computer2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.3) Instead of Windows loading as normal, a menu should appear4) Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post the entire contents of the log.txt file in the aproposfix folder.

Click Yes and follow the prompts, when prompted to restart the PC please do so.

Please post a new hijackthis log along with the log from Apropoxfix and we'll see where we're at.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.

Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!

Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu

Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)

Wait for the complete script execution box to pop up and press OK.

Press exit to terminate the BFU program.

Reboot into normal windows and post the contents of Ewido text report that you saved and a new HiJackThis log.

Edited by Buckeye_Sam, 19 May 2006 - 10:04 PM.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.

Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!

Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

Reboot and post a new hijackthis log.Let me know of any problems that you are still having.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.

Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!

Scroll down and find the service called Microsoft DLL Registration Component

When you find it, double-click on it to open up Properties.

Click the Stop button(if available)

Change the Startup Type to Disabled.

Now hit Apply and then Ok.

Run Hijackthis and click on Open the Misc Tools section -> Delete an NT Service

Copy and paste this into the text box and click OK.

DLLReg

Close Hijackthis and any other open windows

Reboot and post a new hijackthis log.

Let me know of any problems that you are still having.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.

Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!